http://news.cnet.com/8301-27080_3-20009190-245.html By Elinor Mills InSecurity Complex CNet News June 29, 2010 Adobe on Tuesday released updates for Reader and Acrobat that plug 17 critical holes, including one being exploited in the wild to take control of computers and one that could be used to launch an attack using social engineering and PDF files. Adobe warned about the vulnerability being used in attacks, which also affected Flash Player, in early June and plugged the hole in Flash on June 10. Meanwhile, the PDF vulnerability was made public in late March by security researcher Didier Stevens, who fashioned a proof-of-concept attack that relied on the "/launch" functionality. Another researcher at NitroSecurity took advantage of the same flaw to create a proof-of-concept attack about a week later. "We added functionality to block any attempts to launch an executable or other harmful objects by default," Adobe's Steve Gottwals, wrote in a blog post on Tuesday. "We also altered the way the existing warning dialog works to thwart the known social engineering attacks." [...] _________________________________________________________________ Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada July 24-29th, offering over 60 training sessions and 11 tracks of Briefings from security industry elite. To sign up visit http://www.blackhat.comReceived on Tue Jun 29 2010 - 22:25:07 PDT
This archive was generated by hypermail 2.2.0 : Tue Jun 29 2010 - 22:32:18 PDT